From 05a463843a9dbb4901974f22fb361873adcaae4b Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Tue, 31 Mar 2015 09:26:04 -0400
Subject: Fix a few misc encoding issues in load balancer code.

---
 usr/local/www/classes/maintable.inc                 |  9 ++++++++-
 usr/local/www/load_balancer_monitor_edit.php        |  7 +++++--
 usr/local/www/load_balancer_pool.php                |  2 +-
 usr/local/www/load_balancer_pool_edit.php           | 11 +++++++----
 usr/local/www/load_balancer_virtual_server.php      |  4 ++--
 usr/local/www/load_balancer_virtual_server_edit.php |  3 +++
 6 files changed, 26 insertions(+), 10 deletions(-)

diff --git a/usr/local/www/classes/maintable.inc b/usr/local/www/classes/maintable.inc
index 6d3cfa9..49d614e 100644
--- a/usr/local/www/classes/maintable.inc
+++ b/usr/local/www/classes/maintable.inc
@@ -107,6 +107,7 @@ class MainTable {
 	private function display_rows() {
 		global $g;
 		$cur_row = 0;
+		$encode_cols = array("name", "descr");
 		foreach ($this->content as $row) {
 			echo "<tr>\n";
 			for ($col = 0; $col < $this->columns - 1; $col++) {
@@ -118,15 +119,21 @@ class MainTable {
 				echo "  <td class=\"{$cl}\" onclick=\"fr_toggle({$cur_row})\" id=\"frd{$cur_row}\" ondblclick=\"document.location='{$this->edit_uri}?id={$cur_row}'\">\n";
 				if (is_array($row[$this->cname[$col]])) {
 					foreach ($row[$this->cname[$col]] as $data) {
+						if (in_array($this->cname[$col], $encode_cols)) {
+							$data = htmlspecialchars($data);
+						}
 						echo "    {$data}<br />\n";
 					}
 				} else {
+					if (in_array($this->cname[$col], $encode_cols)) {
+						$row[$this->cname[$col]] = htmlspecialchars($row[$this->cname[$col]]);
+					}
 					echo "    " . $row[$this->cname[$col]] . "\n";
 				}
 				echo "  </td>\n";
 			}
 			echo "  <td class=\"listbg\" onclick=\"fr_toggle({$cur_row})\" id=\"frd{$cur_row}\" ondblclick=\"document.location='{$this->edit_uri}?id={$cur_row}'\">\n";
-			echo "    <font color=\"#FFFFFF\">{$row[$this->cname[$this->columns - 1]]}</font>\n";
+			echo "    <font color=\"#FFFFFF\">" . htmlspecialchars($row[$this->cname[$this->columns - 1]]) . "</font>\n";
 			echo "  </td>\n";
 			echo "  <td class=\"list nowrap\">\n";
 			$this->display_buttons($cur_row);
diff --git a/usr/local/www/load_balancer_monitor_edit.php b/usr/local/www/load_balancer_monitor_edit.php
index 1f30a4f..280244b 100644
--- a/usr/local/www/load_balancer_monitor_edit.php
+++ b/usr/local/www/load_balancer_monitor_edit.php
@@ -97,8 +97,11 @@ if ($_POST) {
 		if (($_POST['name'] == $config['load_balancer']['monitor_type'][$i]['name']) && ($i != $id))
 			$input_errors[] = gettext("This monitor name has already been used.  Monitor names must be unique.");
 
-	if (strpos($_POST['name'], " ") !== false)
-		$input_errors[] = gettext("You cannot use spaces in the 'name' field.");
+	if (preg_match('/[ \/]/', $_POST['name']))
+		$input_errors[] = gettext("You cannot use spaces or slashes in the 'name' field.");
+
+	if (strlen($_POST['name']) > 16)
+		$input_errors[] = gettext("The 'name' field must be 16 characters or less.");
 
 	switch($_POST['type']) {
 		case 'icmp': {
diff --git a/usr/local/www/load_balancer_pool.php b/usr/local/www/load_balancer_pool.php
index a52cc9a..46e4e1c 100644
--- a/usr/local/www/load_balancer_pool.php
+++ b/usr/local/www/load_balancer_pool.php
@@ -92,7 +92,7 @@ for ($i = 0; isset($config['load_balancer']['monitor_type'][$i]); $i++) {
 	$mondex[$config['load_balancer']['monitor_type'][$i]['name']] = $i;
 }
 for ($i = 0; isset($config['load_balancer']['lbpool'][$i]); $i++) {
-	$a_pool[$i]['monitor'] = "<a href=\"/load_balancer_monitor_edit.php?id={$mondex[$a_pool[$i]['monitor']]}\">{$a_pool[$i]['monitor']}</a>";
+	$a_pool[$i]['monitor'] = "<a href=\"/load_balancer_monitor_edit.php?id={$mondex[$a_pool[$i]['monitor']]}\">" . htmlspecialchars($a_pool[$i]['monitor']) . "</a>";
 }
 
 $pgtitle = array(gettext("Services"), gettext("Load Balancer"),gettext("Pool"));
diff --git a/usr/local/www/load_balancer_pool_edit.php b/usr/local/www/load_balancer_pool_edit.php
index f3b0dca..4eaa6f0 100644
--- a/usr/local/www/load_balancer_pool_edit.php
+++ b/usr/local/www/load_balancer_pool_edit.php
@@ -87,8 +87,11 @@ if ($_POST) {
 		if (($_POST['name'] == $config['load_balancer']['lbpool'][$i]['name']) && ($i != $id))
 			$input_errors[] = gettext("This pool name has already been used.  Pool names must be unique.");
 
-	if (strpos($_POST['name'], " ") !== false)
-		$input_errors[] = gettext("You cannot use spaces in the 'name' field.");
+	if (preg_match('/[ \/]/', $_POST['name']))
+		$input_errors[] = gettext("You cannot use spaces or slashes in the 'name' field.");
+
+	if (strlen($_POST['name']) > 16)
+		$input_errors[] = gettext("The 'name' field must be 16 characters or less.");
 
 	if (in_array($_POST['name'], $reserved_table_names))
 		$input_errors[] = sprintf(gettext("The name '%s' is a reserved word and cannot be used."), $_POST['name']);
@@ -200,7 +203,7 @@ function clearcombo(){
 		<tr align="left">
 			<td width="22%" valign="top" class="vncellreq"><?=gettext("Name"); ?></td>
 			<td width="78%" class="vtable" colspan="2">
-				<input name="name" type="text" <?if(isset($pconfig['name'])) echo "value=\"{$pconfig['name']}\"";?> size="16" maxlength="16" />
+				<input name="name" type="text" <?if(isset($pconfig['name'])) echo "value=\"" . htmlspecialchars($pconfig['name']) . "\"";?> size="16" maxlength="16" />
 			</td>
 		</tr>
 		<tr align="left">
@@ -215,7 +218,7 @@ function clearcombo(){
 		<tr align="left">
 			<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
 			<td width="78%" class="vtable" colspan="2">
-				<input name="descr" type="text" <?if(isset($pconfig['descr'])) echo "value=\"{$pconfig['descr']}\"";?> size="64" />
+				<input name="descr" type="text" <?if(isset($pconfig['descr'])) echo "value=\"" . htmlspecialchars($pconfig['descr']) . "\"";?> size="64" />
 			</td>
 		</tr>
 
diff --git a/usr/local/www/load_balancer_virtual_server.php b/usr/local/www/load_balancer_virtual_server.php
index aa5e074..04a4d7b 100644
--- a/usr/local/www/load_balancer_virtual_server.php
+++ b/usr/local/www/load_balancer_virtual_server.php
@@ -87,9 +87,9 @@ for ($i = 0; isset($config['load_balancer']['lbpool'][$i]); $i++) {
 }
 for ($i = 0; isset($config['load_balancer']['virtual_server'][$i]); $i++) {
 	if($a_vs[$i]) {
-		$a_vs[$i]['poolname'] = "<a href=\"/load_balancer_pool_edit.php?id={$poodex[$a_vs[$i]['poolname']]}\">{$a_vs[$i]['poolname']}</a>";
+		$a_vs[$i]['poolname'] = "<a href=\"/load_balancer_pool_edit.php?id={$poodex[$a_vs[$i]['poolname']]}\">" . htmlspecialchars($a_vs[$i]['poolname']) . "</a>";
 		if ($a_vs[$i]['sitedown'] != '') {
-			$a_vs[$i]['sitedown'] = "<a href=\"/load_balancer_pool_edit.php?id={$poodex[$a_vs[$i]['sitedown']]}\">{$a_vs[$i]['sitedown']}</a>";
+			$a_vs[$i]['sitedown'] = "<a href=\"/load_balancer_pool_edit.php?id={$poodex[$a_vs[$i]['sitedown']]}\">" . htmlspecialchars($a_vs[$i]['sitedown']) . "</a>";
 		} else {
 			$a_vs[$i]['sitedown'] = 'none';
 		}
diff --git a/usr/local/www/load_balancer_virtual_server_edit.php b/usr/local/www/load_balancer_virtual_server_edit.php
index 98303a0..102b520 100644
--- a/usr/local/www/load_balancer_virtual_server_edit.php
+++ b/usr/local/www/load_balancer_virtual_server_edit.php
@@ -92,6 +92,9 @@ if ($_POST) {
 	if (preg_match('/[ \/]/', $_POST['name']))
 		$input_errors[] = gettext("You cannot use spaces or slashes in the 'name' field.");
 
+	if (strlen($_POST['name']) > 32)
+		$input_errors[] = gettext("The 'name' field must be 32 characters or less.");
+
 	if ($_POST['port'] != "" && !is_portoralias($_POST['port']))
 		$input_errors[] = gettext("The port must be an integer between 1 and 65535, a port alias, or left blank.");
 
-- 
cgit v1.1